Adore-ng 0.31 released
A new version of the "adore" rootkit for Linux systems has been released. According to the information found within the source tarball, the new version has the following feature set:

- runs on kernel 2.4.x UP and SMP systems
- first test-versions successfully run on 2.6.0
- file and directory hiding
- process hiding
- socket-hiding (no matter whether LISTENing, CONNECTED etc)
- full-capability back door
- does not utilize sys_call_table but VFS layer
- KISS principle, to have as less things in there as possible but also being as much powerful as possible

Something to watch out for...

POC Code for the Linux Kernel do_mremap() exploit posted at bugtraq

Christophe Devine and Julien Tinnes have posted proof-of-concept code at bugtraq for the recently announced do_mremap() flaw in Linux kernels 2.2, 2.4 and 2.6. Once proof-of-concept code is released, working exploits are generally not far in the future. Although at first blush this vulnerability appears to be limited to being a local exploit, it could be used to escalate privilege following a successful remote attack. Time to get patching those kernels folks...

Mailbag:

In today's mailbag we received this question, "MS says I have the blaster worm on my computer. How do I get rid of it?"

Well, Microsoft generally doesn't tell you that you are infected with any particular worm or virus, so most likely what you saw was a Windows Messenger pop-up spam advertising an anti-virus product. But if you do suspect that you are infected with Blaster, Symantec has a nice removal tool at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Once you have removed it - you will want to make sure you update your computer. Go to http://v4.windowsupdate.microsoft.com/en/default.asp and make sure that you get all of the service packs and patches on your computer. You will need to click on the "Scan for Updates" link and it will advise you of which updates have not been applied to your computer. Please install all of the recommended items. This will help to prevent a reinfection in the near future.

It is important that you run a good Anti-Virus program and keep it up to date, install service packs and patches as recommended by Microsoft, and avoid opening attachments on emails that are suspicious in nature.

If you recently purchased a new WinXP system, or received one as a gift, be sure to get help in securing your new system:

http://isc.sans.org/presentations/xpsurvivalguide.pdf

Many thanks to Marcus Sachs for his suggestions on this entry.

---------------------------------------

Handler on duty: Tom Liston - http://www.labreatechnologies.com
Tom 160 Posts Jan 7th 2004 |
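Because the adore-ng feature list above says process hiding is done in the VFS layer rather than through sys_call_table, a syscall-table integrity check will not notice it; a cross-view scan is one way to look for hidden processes. The sketch below is an added example, not code from this diary or from adore-ng, and it assumes that a hidden PID still answers `kill(pid, 0)` even though it is filtered out of `/proc` directory listings; the function names are illustrative.

```python
import os

def listed_ids(proc="/proc"):
    """IDs visible through directory listings: every PID plus its thread IDs."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Threads answer kill(tid, 0) but are only listed under task/.
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited between the two listings
    return ids

def alive(pid):
    """Signal 0 delivers nothing; it only reports whether the ID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but owned by another user
    return True

def hidden_ids(list_fn=listed_ids, probe=alive, max_pid=None, passes=2):
    """IDs that answer the probe yet never appear in a listing.

    A candidate must be missing in every pass, which filters out processes
    that merely started or exited while the scan was running.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    suspects = None
    for _ in range(passes):
        seen = list_fn()
        found = {p for p in range(1, max_pid) if p not in seen and probe(p)}
        # Re-check against a fresh listing: a short-lived process may have
        # appeared after the first listing was taken.
        found -= list_fn()
        suspects = found if suspects is None else suspects & found
    return sorted(suspects)

if __name__ == "__main__":
    for pid in hidden_ids():
        print(f"PID {pid} answers kill(pid, 0) but is not listed in /proc")
```

An empty result only means the two views agree; it does not prove the host is clean, since a kernel-level rootkit can tamper with either view.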